Thwarting Reverse Engineering Attacks through Keyless Logic Obfuscation

Logic obfuscation protects semiconductor IPs against reverse engineering threats by concealing IP implementation details using a tamper-proof key. With the continuous evolution of key recovery attacks exploiting functional, structural, and physical key exposures, the typical assumption of key secrecy becomes increasingly untenable. This work aims to end the tug of war between key-based defenses and key recovery attacks by delivering reverse engineering resilience through a novel keyless obfuscation approach that demands no external secret. The proposed solution locks the full functionality of a design using internally-generated and constantly-changing secrets that can be only extracted from the FSM transition history. The intrinsic secrets are secure against reverse engineering attempts due to the hardness of identifying valid transition paths to a target state from the obfuscated gate-level netlist. We develop an algorithm to synthesize the obfuscated FSM logic and the dynamic key update logic which jointly activate the design for all valid sequential queries so as to deliver unimpeded functionality for legal users. The algorithm enforces key consistency through equivalence-preserving FSM transformation and constraint-based state encoding to handle complex reconverging transition paths. Experimental results on MCNC benchmarks confirm the practicality and security of the proposed keyless logic obfuscation methodology.

Automated summary

Logic obfuscation protects semiconductor IPs by concealing implementation details with tamper-proof key. With key recovery attacks becoming more sophisticated, this work proposes a keyless obfuscation approach that relies on internally-generated and constantly-changing secrets. The proposed methodology achieves reverse engineering resilience and is proven to be practical and secure through experimental results.